Hello, Rob Crittenden via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
mir mal via FreeIPA-users wrote:
I'm still struggling to find a clue why it's happening, any help much appreciated.
This stands out:
Nov 30 10:15:46 csc-64 sshd[608090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_tally2(sshd:auth): user c111111 (1938600006) tally 52, deny 9
An auth failure immediately followed by an auth success.
And: failure with pam_unix (local user?) and success with pam_sss. On most systems we have something like that in /etc/pam.d/password-auth or common-auth:
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so nullok try_first_pass
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
So, call pam_unix only for local users, not IPA users. Something like that?
Jochen
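
Added example, not part of the original message or of FreeIPA/SSSD: a small Python check that groups sshd PAM auth lines by process ID and flags the pattern discussed above (pam_unix failure and pam_sss success within the same login, plus the pam_tally2 counter compared against deny). The first three sample lines are the excerpt quoted in the thread; the pid 608200 lines and the names analyse, AUTH_RE and TALLY_RE are constructed for illustration.

```python
import re
from collections import defaultdict

# First three lines: journal excerpt quoted in the thread.
# Last two lines (pid 608200): constructed here as a contrasting failed login.
SAMPLE_LOG = """\
Nov 30 10:15:46 csc-64 sshd[608090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_tally2(sshd:auth): user c111111 (1938600006) tally 52, deny 9
Nov 30 10:16:02 csc-64 sshd[608200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c222222
Nov 30 10:16:02 csc-64 sshd[608200]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c222222
"""

AUTH_RE = re.compile(
    r"sshd\[(\d+)\]: (pam_\w+)\(sshd:auth\): authentication (failure|success);.*\buser=(\S+)")
TALLY_RE = re.compile(
    r"sshd\[(\d+)\]: pam_tally2\(sshd:auth\): user (\S+) \(\d+\) tally (\d+), deny (\d+)")

def analyse(log_text):
    """Group sshd PAM auth events by PID and classify each login attempt."""
    attempts = defaultdict(
        lambda: {"user": None, "results": {}, "tally": None, "deny": None})
    for line in log_text.splitlines():
        if m := AUTH_RE.search(line):
            pid, module, outcome, user = m.groups()
            attempts[pid]["user"] = user
            attempts[pid]["results"][module] = outcome
        elif m := TALLY_RE.search(line):
            pid, user, tally, deny = m.groups()
            attempts[pid].update(user=user, tally=int(tally), deny=int(deny))
    report = {}
    for pid, a in attempts.items():
        r = a["results"]
        # Same sshd process: pam_unix rejected the user, pam_sss accepted it.
        spurious = r.get("pam_unix") == "failure" and r.get("pam_sss") == "success"
        # pam_tally2 denies access once the tally exceeds the deny value.
        exceeded = a["tally"] is not None and a["tally"] > a["deny"]
        report[pid] = {"user": a["user"],
                       "unix_fail_then_sss_success": spurious,
                       "tally_exceeds_deny": exceeded}
    return report

if __name__ == "__main__":
    for pid, info in analyse(SAMPLE_LOG).items():
        print(pid, info)
```
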